(Password reset) An example of how you can use Administrative Units in Azure Active Directory!

%3CLINGO-SUB%20id%3D%22lingo-sub-2755823%22%20slang%3D%22en-US%22%3ERe%3A%20An%20example%20of%20how%20you%20can%20use%20Administrative%20Units%20in%20Azure%20Active%20Directory!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2755823%22%20slang%3D%22en-US%22%3EHi%20Tom%2C%3CBR%20%2F%3E%3CBR%20%2F%3EGreat%20guide%2C%20exactly%20what%20we%20need%20for%20a%20customer%20right%20now.%20Any%20idea%20if%20this%20can%20be%20implemented%20with%20custom%20Exchange%20admin%20roles%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20in%20advance.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2759012%22%20slang%3D%22en-US%22%3ERe%3A%20An%20example%20of%20how%20you%20can%20use%20Administrative%20Units%20in%20Azure%20Active%20Directory!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2759012%22%20slang%3D%22en-US%22%3EThank%20you%20very%20much.%20Only%20a%20few%20admin%20roles%20are%20available%20at%20this%20time.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2562069%22%20slang%3D%22en-US%22%3E(Password%20reset)%20An%20example%20of%20how%20you%20can%20use%20Administrative%20Units%20in%20Azure%20Active%20Directory!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2562069%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20Azure%20%2F%20Microsoft365%20friends%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20scenario%20is%20about%20assigning%20an%20elevated%20right%20(an%20administrative%20role)%20for%20a%20specific%20area.%20More%20precisely%2C%20to%20an%20administrative%20unit%20(You%20need%20Azure%20Active%20Directory%20Premium%20P1%20for%20Administrative%20Units!).%20I%20will%20explain%20exactly%20what%20I%20mean%20by%20this%20in%20a%20moment.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EI%20am%20in%20the%20Azure%20Active%20Directory.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_01.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296718i69C15D3499FE12E3%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_01.JPG%22%20alt%3D%22AU_01.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EI%20navigate%20to%20the%20users.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_02.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296719i8A94294689E21711%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_02.JPG%22%20alt%3D%22AU_02.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EI%20select%20the%20%22Jane%20Ford%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_03.JPG%22%20style%3D%22width%3A%20908px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296720i602FC69DC19B1E95%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_03.JPG%22%20alt%3D%22AU_03.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EI%20click%20on%20Assigend%20Roles%20on%20the%20left.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_04.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296722iF62A5C7815DBDBFB%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_04.JPG%22%20alt%3D%22AU_04.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EAt%20%22Select%20role%22%20I%20choose%20the%20%22Password%20Administrator%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_05.JPG%22%20style%3D%22width%3A%20621px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296724iC3692DA9B55E82D0%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_05.JPG%22%20alt%3D%22AU_05.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EIn%20your%20case%2C%20the%20view%20may%20be%20somewhat%20different.%20For%20me%2C%20Privileged%20Identity%20Management%20is%20enabled.%20I%20select%20Eligible%20for%20Assignment%20Type%20and%20select%20Assign.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_06.JPG%22%20style%3D%22width%3A%20389px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296725iB9E2C34CB9D3447F%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_06.JPG%22%20alt%3D%22AU_06.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENow%20we%20see%20why%20I%20don't%20want%20to%20work%20with%20the%20permission%20assignment%2C%20the%20area%20is%20too%20%22open%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_07.JPG%22%20style%3D%22width%3A%20923px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296727iA5137A62D2D96A4A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_07.JPG%22%20alt%3D%22AU_07.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENow%20the%20Administrative%20units%20come%20into%20play.%20I%20go%20back%20to%20Azure%20Active%20Directory%20and%20click%20on%20Administrative%20Units.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_08.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296728i772F5A6EEE382D17%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_08.JPG%22%20alt%3D%22AU_08.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EClick%20on%20%22add%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_09.JPG%22%20style%3D%22width%3A%20979px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296731i77377CF55514F0FB%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_09.JPG%22%20alt%3D%22AU_09.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWe%20assign%20a%20name%20and%20click%20next.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_10.JPG%22%20style%3D%22width%3A%20795px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296733i57D0D41E5C45C07C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_10.JPG%22%20alt%3D%22AU_10.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EClick%20on%20%22Password%20Administrator%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_11.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296734i171BDE144F00FA5C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_11.JPG%22%20alt%3D%22AU_11.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EI%20search%20%22Jane%20Ford%22%20and%20click%20%22add%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_12.JPG%22%20style%3D%22width%3A%20568px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296736iC1CFC1DD2655759B%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_12.JPG%22%20alt%3D%22AU_12.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENow%20click%20on%20%22Review%20%2B%20create.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_13.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296737i40ED1979B2446DF4%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_13.JPG%22%20alt%3D%22AU_13.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThe%20Administrative%20Unit%20is%20created.%26nbsp%3BClick%20on%20the%20Administrative%20Unit.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_14.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296740i622B6268895DAA4A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_14.JPG%22%20alt%3D%22AU_14.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EClick%20on%20Users%20and%20%22Add%20member%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22_AU_1.JPG%22%20style%3D%22width%3A%20792px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F311124i0DCE13EED0876973%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22_AU_1.JPG%22%20alt%3D%22_AU_1.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESelect%20the%20users%20for%20whom%20Jane%20Ford%20is%20allowed%20to%20reset%20the%20password.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22_AU_2.JPG%22%20style%3D%22width%3A%20566px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F311125i83C4BE710E5CEC02%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22_AU_2.JPG%22%20alt%3D%22_AU_2.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThe%20users%20are%20now%20listed.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22_AU_2a.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F311127iA279123647F45889%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22_AU_2a.JPG%22%20alt%3D%22_AU_2a.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWe%20go%20back%20to%20the%20Azure%20Active%20Directory%20and%20click%20on%20%22Users%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_18.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296745i08C6D1D41CB5B425%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_18.JPG%22%20alt%3D%22AU_18.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EI%20select%20the%20%22Jane%20Ford%22%20again.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_19.JPG%22%20style%3D%22width%3A%20939px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296749i26E9417F26026296%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_19.JPG%22%20alt%3D%22AU_19.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EClick%20on%20%22Assigned%20Roles%22.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_20.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296750i61432695F52507BA%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_20.JPG%22%20alt%3D%22AU_20.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EYou%20see%2C%20now%20the%20Jane%20Ford%20has%20the%20role%20%22Password%20Administrator%20but%20no%20longer%20on%20the%20entire%20directory%20but%20only%20on%20the%20Administrative%20Unit.%20Mission%20accomplished!%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AU_21.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F296751i147CA624964FF303%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22AU_21.JPG%22%20alt%3D%22AU_21.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EBut%20now%2C%20how%20exactly%20can%20the%20Jane%20Ford%20reset%20the%20passwords%20for%20the%20selected%20users%3F%20For%20this%20we%20(i.e.%20the%20Jane%20Ford)%20use%20the%20following%20URL%20on%3A%20mystaff.microsoft.com%20(Jane%20Ford%20needs%20to%20sign%20up).%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESubsequently%2C%20Jane%20Ford%20sees%20the%20Administrative%20Unit.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22_AU_3.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F311129i0E6AB4F70965A8C1%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22_AU_3.JPG%22%20alt%3D%22_AU_3.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENow%20click%20on%20Administrative%20Unit.%20The%20users%20are%20displayed.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22_AU_4.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F311130iDCDF3CC1A05E8BEF%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22_AU_4.JPG%22%20alt%3D%22_AU_4.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENow%20click%20on%20Jon%20Prime%20and%20the%20password%20can%20be%20reset!%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22_AU_5.JPG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F311131i12A0D9EFC1A6E056%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22_AU_5.JPG%22%20alt%3D%22_AU_5.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20absolutely%20aware%20that%20this%20was%20now%20not%20the%20absolute%20ultimate!%26nbsp%3BBut%20I%20really%20wanted%20to%20share%20my%20experience%20with%20you.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%20for%20taking%20the%20time%20to%20read%20the%20article%20and%20I%20hope%20this%20article%20was%20useful.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20regards%2C%20Tom%20Wechsler%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2562069%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
MVP

 

Hi Azure / Microsoft365 friends,

 

This scenario is about assigning an elevated right (an administrative role) for a specific area. More precisely, to an administrative unit (You need Azure Active Directory Premium P1 for Administrative Units!). I will explain exactly what I mean by this in a moment.

 

I am in the Azure Active Directory.

AU_01.JPG

 

I navigate to the users.

AU_02.JPG

 

I select the "Jane Ford".

AU_03.JPG

 

I click on Assigend Roles on the left.

AU_04.JPG

 

At "Select role" I choose the "Password Administrator".

AU_05.JPG

 

In your case, the view may be somewhat different. For me, Privileged Identity Management is enabled. I select Eligible for Assignment Type and select Assign.

AU_06.JPG

 

Now we see why I don't want to work with the permission assignment, the area is too "open".

AU_07.JPG

 

Now the Administrative units come into play. I go back to Azure Active Directory and click on Administrative Units.

AU_08.JPG

 

Click on "add".

AU_09.JPG

 

We assign a name and click next.

AU_10.JPG

 

Click on "Password Administrator".

AU_11.JPG

 

I search "Jane Ford" and click "add".

AU_12.JPG

 

Now click on "Review + create.

AU_13.JPG

 

The Administrative Unit is created. Click on the Administrative Unit.

AU_14.JPG

 

Click on Users and "Add member".

_AU_1.JPG

 

Select the users for whom Jane Ford is allowed to reset the password.

_AU_2.JPG

 

The users are now listed.

_AU_2a.JPG

 

We go back to the Azure Active Directory and click on "Users".

AU_18.JPG

 

I select the "Jane Ford" again.

AU_19.JPG

 

Click on "Assigned Roles".

AU_20.JPG

 

You see, now the Jane Ford has the role "Password Administrator but no longer on the entire directory but only on the Administrative Unit. Mission accomplished!

AU_21.JPG

 

But now, how exactly can the Jane Ford reset the passwords for the selected users? For this we (i.e. the Jane Ford) use the following URL on: mystaff.microsoft.com (Jane Ford needs to sign up). 

 

Subsequently, Jane Ford sees the Administrative Unit.

_AU_3.JPG

 

Now click on Administrative Unit. The users are displayed.

_AU_4.JPG

 

Now click on Jon Prime and the password can be reset!

_AU_5.JPG

 

I absolutely aware that this was now not the absolute ultimate! But I really wanted to share my experience with you.

 

Thank you for taking the time to read the article and I hope this article was useful.

 

Best regards, Tom Wechsler

 

2 Replies
Hi Tom,

Great guide, exactly what we need for a customer right now. Any idea if this can be implemented with custom Exchange admin roles?

Thanks in advance.
Thank you very much. Only a few admin roles are available at this time.